Thanks Harald for your reply. I do not disagree with anything you said. Unfortunately we cannot tell the US Govt that their requirements are stupid. When openssl is in FIPS mode, md5 & sha1 are disabled for everyone. So any usage from mariadb (linked with openssl) will fail.
On Thu, Aug 29, 2019 at 4:33 PM Reindl Harald <[email protected]> wrote: > > > Am 30.08.19 um 00:10 schrieb Captain Wiggum: > > I have searched the archives and forums and cannot find an answer to > > this question. > > Does mariadb support FIPS, and if so, how or where is a document about > this. > > I use mariadb 10.3.17 with OpenSSL 1.0.2 with FIPS enabled, all built > > from source. > > In FIPS mode, SHA1 is disallowed by openssl, as required by FIPS. > > However, when I search the mariadb code, SHA1 is used in many places. > > How can I update mariadb to use sha256, without a ton of recoding? > > Any tips appreciated. > > outside of encryption code nothing is wrong with SHA1 depending on the > usecase and without context "SHA1 is used in many place" is a useless > statement > > there are even usecases where MD4 is just fine > > againb: not every usage of a hash function is security related or > collisions prone and in that case it would be pretty dumb use a much > slower sha256 hash > > _______________________________________________ > Mailing list: https://launchpad.net/~maria-discuss > Post to : [email protected] > Unsubscribe : https://launchpad.net/~maria-discuss > More help : https://help.launchpad.net/ListHelp >
_______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
